Re: How secure is your e-mail password?
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Mon, 20 Sep 2010 11:56:52 -0700 (PDT)
On Sep 20, 10:06 am, "James H. Markowitz" <no...@xxxxxxxxxxx> wrote:
On Mon, 20 Sep 2010 14:42:13 +0200, Anonymous Remailer (austria) wrote:Correct, since the password space is searchable by brute force (even
I don't understand why most POP email is still authenticated using
cleartext passwords instead of digest (hash) based authentication (which
doesn't send the password itself but a hash of the password). Anyone can
steal your e-mail password by simply monitoring on a public network.
That's also true if you send a hash of the password, rather than
the password itself, in the clear. It makes no difference to the attacker
what the original password may have been.
with the use of salts and nones). See, for example, "Strong Password-
Only Authenticated Key Exchange" by David P. Jablon, Section 1.1, The
Remote Password Problem.
- Prev by Date: Re: How secure is your e-mail password?
- Next by Date: Scalable Key Cryptography – An Arithmetic Progression.
- Previous by thread: Re: How secure is your e-mail password?
- Next by thread: Scalable Key Cryptography – An Arithmetic Progression.